Fix stateful filtering of loopback IPv6 traffic to an address not configured

on lo0. While here fix a comment. PR: kern/102647 Reported by: Frank Steinborn Submitted by: suz (earlier version) MFC after: 3 days
author: mlaier <mlaier@FreeBSD.org> 2006-09-06 17:19:45 +0000
committer: mlaier <mlaier@FreeBSD.org> 2006-09-06 17:19:45 +0000
commit: 9e3a82aacc8c031e76f2432575ec9887d35d0d98 (patch)
tree: daa706b3ef77ebe2d8ae66149c66fd2b16f73f3e /sys/contrib
parent: f044a1949bf52ae215c04b5885db0a0fa58680cf (diff)
download: FreeBSD-src-9e3a82aacc8c031e76f2432575ec9887d35d0d98.zip
FreeBSD-src-9e3a82aacc8c031e76f2432575ec9887d35d0d98.tar.gz
1 files changed, 8 insertions, 2 deletions
diff --git a/sys/contrib/pf/net/pf_ioctl.c b/sys/contrib/pf/net/pf_ioctl.c
index 715b541..2681112 100644
--- a/sys/contrib/pf/net/pf_ioctl.c
+++ b/sys/contrib/pf/net/pf_ioctl.c
@@ -3438,11 +3438,17 @@ pf_check6_in(void *arg, struct mbuf **m, struct ifnet *ifp, int dir,
     struct inpcb *inp)
 {
 	/*
-	 * IPv6 does not affected ip_len/ip_off byte order changes.
+	 * IPv6 is not affected by ip_len/ip_off byte order changes.
 	 */
 	int chk;
 
-	chk = pf_test6(PF_IN, ifp, m, NULL, inp);
+	/*
+	 * In case of loopback traffic IPv6 uses the real interface in
+	 * order to support scoped addresses. In order to support stateful
+	 * filtering we have change this to lo0 as it is the case in IPv4.
+	 */
+	chk = pf_test6(PF_IN, (*m)->m_flags & M_LOOP ? &loif[0] : ifp, m,
+	    NULL, inp);
 	if (chk && *m) {
 		m_freem(*m);
 		*m = NULL;
author	mlaier <mlaier@FreeBSD.org>	2006-09-06 17:19:45 +0000
committer	mlaier <mlaier@FreeBSD.org>	2006-09-06 17:19:45 +0000
commit	9e3a82aacc8c031e76f2432575ec9887d35d0d98 (patch)
tree	daa706b3ef77ebe2d8ae66149c66fd2b16f73f3e /sys/contrib
parent	f044a1949bf52ae215c04b5885db0a0fa58680cf (diff)
download	FreeBSD-src-9e3a82aacc8c031e76f2432575ec9887d35d0d98.zip FreeBSD-src-9e3a82aacc8c031e76f2432575ec9887d35d0d98.tar.gz